Finally, after months of work (part-time), MyStickies is live. What is MyStickies? Sticky notes for the web, and much more. MyStickies is a JavaScript script that can draw notes on web pages and tag them. The notes are saved to an online account and whenever you come back to the page, the notes will load back up. The account you create on MyStickies.com is also great because you can manage your notes from there. You can see what your most recent notes are. You can view them by domain, or by tag. You can even open them right there to view and/or edit their content.

To get started you can go to http://www.mystickies.com/ and sign up for an account. To test out the sticky process just press the “Try Me” button on the home page and you’ll get a note. You can also press Alt+Click+Drag to create notes, and if you press Alt+Click on the header of the note you can toggle between colors if you would like your note in green, blue, or gray instead.

There are two ways to get that JavaScript onto your page so you can place notes and see the ones you’ve placed. Those are through a browser extension (Firefox is currently supported, with others soon to follow) and through a bookmarklet. The extension makes it so you always have your notes there automatically. The bookmarklet will need to be clicked on every page where you want to see or place your notes. If you go the extension route (recommended), make sure you log back into your account after installing the extension so that the account can register with your extension.

Now you know why I haven’t posted much for a while. I still intend to get to the ecommerce tutorial eventually, and write more in the future, but we’ll see how much time I have after MyStickies.

We still have many more features in store. We hope to be able to get people linked up with their friends soon. Then they can share a tag of notes with a friend. After that we will be introducing public notes, which after being made public anyone can modify (or delete). We’re not sure how that will go over, but no one was sure if wikis would work out when they first came along. We’ll leave the rest of our plans a mystery for now so you can still have some surprises later.

MyStickies is a free service and we will keep it free. However, it costs a lot of money for us to keep it up, and there are several ways in which we could fund it to pay for servers, bandwidth, etc. The most attractive way would be to offer additional services for a price, above that of the basic free account. Would people be interested in installing MyStickies on their own websites for a monthly fee? Something that users would see and optionally can use too without an account. This would be a wonderful tool for web development companies for prototyping and letting clients post feature requests on their development site. 37 Signals talks about making the interface a spec, which MyStickies could really make easy. I’m sure there are many other uses as well that I haven’t thought of. Let us know what kind of services might be useful.

Hi, it is an interesting idea and I wish you a lot of success with it, but I decided against trying it out because I don’t like having all the websites I visit recorded by a third party. If you ever enhance the extension such that it stored the information about stickies in a local file rather than in a database on your site, I would be happy to try it out. I wouldn’t mind even signing up with an account for the purpose of being able to “publish” stickies when you implement the ability to share them.

I’d also suggest that you put a little more info on the homepage for the app. You have sign up links, but you don’t mention the requirements or how you store your data or anything. I found this page from digg.

Awesome, awesome service! The wheels in my head are turning already… One thing that would be very useful is stickies in the shapes of arrows- that way you could point out a specific object on the page.

I have the same privacy concerns that one of the posters above has. The plugin must be querying your site for every site the user visits to see if it holds a sticky, the way I understand it. If it could instead keep the sticky list local and sync it from your server once at startup and then update it when the user adds new stickies, that would be best. An all local sticky saving option would be even better.

It’s just a good thing I know and trust you Jacob or I might have the same concerns. As it is I know that you already know my taste in visiting and bookmarking sites about Care Bears so I don’t mind the lack of privacy. But good work on the stickies. They rock!

At the moment you are sending user=username&password=md5(password) over a non-secure connection (http) – obviously no way around this, so you should really be doing something a bit more secure than a single md5() encryption technique.

You should also seriously consider a bit of security on your end to defeat middle-man packet stream captures. A good start to this would be the detection of certain key variable names (sid, username, password, phpsession, etc, etc) from the http_referral. As it is, any (ignorant/newbie) programmer who uses the _GET method to allow values to be passed through is seriously opening their systems up to an even greater amount of middle-man spoof when their visitors are using myStickies. While I would agree this is not something that *should* fall on your shoulders, as a group that hopefully desires to keep a good reputation, it should be your goal to take the higher road. Stripping out very unnecessary values from the http_referral should be an action you take. I say “very unnecessary” because these types of sites/pages are normally such that the end-user is *never* going to be able to revisit that *exact* page – due to the variance of session values. (Which brings up the issue of saving stickies on pages where folks log in, and the web developer passes session id’s through the URI’s… this will make it impossible for them to ever revisit that exact page. Of course their sticky note will still be in their mySticky Dashboard.)

Anyway, I am loving the service you provide. As an enterprise software developer, I just see a lot of things you should seriously consider to strengthen the overall security of your service – not because it is insecure if you do not, but because it’s the right thing to do.

To recap, I would suggest three things:

(1) Single md5 hashes have been known to be breakable (phpBB learned that the hard way),

(3) Finding a way to deal with stickies on session-based pages is something to ponder on… I sure cannot think of a way to deal with that properly, unless you start assigning a GUID with each and every domain and based stickies on both the exact URL and GUID values. (ugghh, not pretty, but might actually prove to work)
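
The parameter stripping suggested in the comment above, sketched as an added example (not part of the comment and not MyStickies' own code): the client removes credential-like and session-like values from a page URL before that URL is sent anywhere or used as the key a sticky is stored under. The function name, the sample URLs and every list entry beyond the four names the comment gives are assumptions.

```javascript
// Added example: constructed names, not MyStickies' real client code.
// Parameter names come from the comment above (sid, username, password,
// phpsession); the remaining entries are assumed common equivalents.
const SENSITIVE_PARAMS = new Set([
  'sid', 'username', 'password', 'phpsession',
  'phpsessid', 'jsessionid', 'session', 'sessionid', 'token',
]);

// Return a canonical page key with credential-like and session-like
// query parameters removed, or null when the URL must not be reported.
function sanitizePageUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return null; // unparseable input is never sent
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return null; // file:, about:, data: pages stay local
  }

  // Drop userinfo (http://user:pass@host/) and the fragment.
  url.username = '';
  url.password = '';
  url.hash = '';

  // Java-style path parameter: /page;jsessionid=ABC123
  url.pathname = url.pathname.replace(/;jsessionid=[^/;]*/gi, '');

  // Rebuild the query without sensitive names (case-insensitive),
  // sorted so the same page always yields the same key.
  const kept = [];
  for (const [name, value] of url.searchParams) {
    if (!SENSITIVE_PARAMS.has(name.toLowerCase())) {
      kept.push([name, value]);
    }
  }
  kept.sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0));
  url.search = new URLSearchParams(kept).toString();

  return url.toString();
}

// Constructed sample URLs: two visits to one page with different sessions.
const visitA = sanitizePageUrl('http://shop.example/cart?item=42&sid=aaa111');
const visitB = sanitizePageUrl('http://shop.example/cart?sid=bbb222&item=42');
console.log(visitA, visitA === visitB);
```

Because both visits reduce to the same key, a note placed during one session can be found again in the next, which is the revisit problem raised in point (3).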